Authentication

All API requests require authentication using your API keys. Learn how to securely authenticate your requests to the UltraPay API.

API Keys

Every request to the UltraPay API must include your API keys in the request headers:

http
X-Public-Key: upp_xxxxxxxxxxxxxxxxxxxxxx
X-Secret-Key: ups_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
HeaderDescription
X-Public-KeyYour public API key (starts with upp_)
X-Secret-KeyYour secret API key (starts with ups_)

⚠️ Keep your secret key safe! Never expose it in client-side code, public repositories, or anywhere it could be accessed by unauthorized users.

Get Your API Keys

  1. Log in to your UltraPay Dashboard
  2. Navigate to Groups → Select your group
  3. Copy your Public Key and Secret Key

Example Request

Here's how to include authentication headers in your API requests:

bash
curl -X GET https://pay.ultrapay.cc/api/v1/auth/test \
  -H "X-Public-Key: upp_your_public_key" \
  -H "X-Secret-Key: ups_your_secret_key"

Using JavaScript (Node.js)

javascript
const response = await fetch('https://pay.ultrapay.cc/api/v1/auth/test', {
  headers: {
    'X-Public-Key': 'upp_your_public_key',
    'X-Secret-Key': 'ups_your_secret_key',
  },
});


const data = await response.json();

Using Python

python
import requests


response = requests.get(
    'https://pay.ultrapay.cc/api/v1/auth/test',
    headers={
        'X-Public-Key': 'upp_your_public_key',
        'X-Secret-Key': 'ups_your_secret_key',
    }
)


data = response.json()

Security Best Practices

  1. Never expose your secret key in frontend code or public repositories
  2. Use environment variables to store API keys in your application
  3. Rotate keys periodically if you suspect they may have been compromised
  4. Use separate keys for development and production environments
navigate select